The success cyber criminals have had with the recent Mac scareware attack (MacDefender, which has already morphed into a new variant – MacGuard), emphasizes the following point – given the opportunity, Mac users may be just as likely as Windows users to say “Yes” to an invitation to download a rogue security application.

Considering Apple’s marketing style, which reinforces the myth that Macs are inherently more resistant to malware infections than Windows PCs (bolstered by the cachet that Mac users are somehow smarter than PC users), I suspect that Mac users are in for a rough ride in the coming months. Undoubtedly, Mac users will learn that cyber criminals’ use of social engineering is not platform specific.

Hopefully, this reality check will put a stop to nonsensical forum comments like the following.

“Well this is why I’m glad to have a Mac just saying”

“If Windows didn’t exist these things wouldn’t happen to people”

Since myths tend to die a slow and painful death however, I somehow doubt it.

Early last year, I posted an article – Say “Yes” on the Internet and Malware’s Gotcha! – which pointed out the potential consequences to those Internet users who instinctively, and unthinkingly, click on “Yes” or “OK”. Given the unprecedented rise in the number of malicious scareware applications in the interim (often, but not exclusively, promoted through poisoned Google search results), that article is worth reposting.

The following is an edited version of that earlier article.

Virtually every computer user, at both the home user level (my friends), and at the corporate level, whom I come into contact with, tends to downplay personal responsibility for a malware infection.

I hear a lot of – “I don’t know what happened”; “it must have been one of the kids”; “all I did was download a free app that told me I was infected”; “no, I never visit porn sites” or, Bart Simpson’s famous line “it wasn’t me”. Sort of like the “the dog ate my homework” response. But we old timers (sorry, seasoned pros) know the reality is somewhat different, and here’s why.

Cybercriminals overwhelmingly rely on social engineering to create an opportunity designed to drop malicious code, including rootkits, password stealers, Trojan horses, and spam bots, on Internet connected computers.

In other words, cybercriminals rely on the user/potential victim saying – “YES”.

Yes to:

Downloading that security app that told you your machine was infected. Thereby, infecting your computer with a rogue security application.

Opening that email attachment despite the fact it has a .exe, .vbs, or .lnk extension, virtually guaranteeing an infection.

Downloading that media player codec to play a porno clip, which still won’t play, but your computer is now infected.

Clicking on links in instant messaging (IM) that have no context, or are composed of only general text, which will result in your computer becoming part of a botnet.

Downloading executable software from web sites without ensuring that the site is reputable. Software that may contain a Browser Hijacker as part of the payload.

Opening email attachments from people you don’t know. At a minimum, you will now get inundated with Spam mail which will increase the chances of a malware infection.

There are many more opportunities for you to say “yes”, while connected to the Internet, but those listed above are some of the most common.

The Internet is full of traps for the unwary – that’s a sad fact, and that’s not going to change any time soon. Cyber criminals are winning this game, and unless you learn to say “NO”, it’s only a matter of time until you have to deal with a malware infected machine.

Here’s an example of a rogue security application getting ready to pounce. A progressively more common occurrence on the Internet.

I can’t say this often enough. Ensure you have adequate knowledge to protect yourself and stay ahead of the cybercrime curve. Make a commitment to acquire the knowledge necessary to ensure your personal safety on the Internet. In a word, become “educated”.

If you lack this knowledge the answer is simple – you can get it. The Internet is loaded with sites (including this one), dedicated to educating computer users on computer security – including providing application reviews, and links to appropriate security software solutions.

It’s important to be aware, however, that security applications alone will not ensure your safety on the Internet. You really do need to become proactive about your Internet safety and security. And that does mean becoming educated.

Internet users who are aware of significant changes in the Internet security landscape, will react accordingly. Unfortunately, experience has taught me that you can’t fix stupid.

Before you say “yes”

Stop – consider where your action might lead

Think – consider the consequences to your security

Click – only after making an educated decision to proceed

Consider this from Robert Brault:

“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.

If users followed advice posted here, and advice from other security pros, and high level users, the Internet could be a vastly different experience for many. At the very least, we might have half a chance of dealing more effectively with the cybercriminal element. To this point, we’re losing rather magnificently.

Computer users would be vastly better off if they considered Internet security advice, as a form of inoculation. It’s a relatively painless way to develop immunization. While inoculations can be mildly painful, the alternative can be a very painful experience.


10 responses to “Scareware Is Everywhere – As Mac Users Just Found Out”

Hey Bill,
That screenshot of antivirus pro had me cracked up. “Pervent data loss”. The idiots can’t spell.
If I had a dollar for every person I’ve met who says “Oh, I know about computers, I’m ok”, I’d be rich. Usually the same people who end up with an unworkable machine and/or had their identity and money ripped off.
I consider myself up to speed on internet security, but I will never become complacent. The bad guys don’t, neither will I.
Cheers

Hi Bill,
Some factoids and info for Mac users. The recent crop of Malware is likely only the beginning, the eastern European mob has begun developing malware “kits” to target Macs. New variants on the exploit no longer require a password to begin to install. Going into “System Preferences” for the Safari web browser and making sure Open “Safe” Files after downgrading is unchecked will help protect you, as will running a different browser. Removing the current 2 generations of malware can be handled by programs such as “APPZapper” which remove all unwanted programs and associated files.
Hope it helps anyone who has been bitten, unfortunately Apple hasn’t been very forthright in dealing with this.
Take care.
Mark

Bill,
I couldn’t agree more! Nice article. Here’s my two cents: back when hackers were mostly amateurs who hated Microsoft…and were probably MAC users, MACS got a pass from them, and the cyber crooks left them alone because their numbers were much smaller than Windows users. Now that organized cybercrime has stepped onto the scene, they are attacking everyone who uses the Internet…as you wisely note “social engineering is not platform specific”.
Finally, somehow I think those MAC users who rubbed Windows users’ noses in it in the past, as you noted…will almost certainly blame their new found vulnerabilities on Windows users. Mark my words.
Keep up the good fight!
Best,
Paul

I know it’s mean to think so – but, I can’t help but feel that Apple deserves to be kicked off their self created “malware immunity” pedestal. They’ve gotten away with this blatant lie for years. Now, Mac users will be forced to deal with the “real” Internet that the rest of us have had to deal with for years. You’ll have to pardon me if I laugh up my sleeve.

Excellent article sir. On the corporate side, since the Great Recession, companies have severely if not entirely cut back on security training for their employees and customers. This opens the gate for social engineering and phishing scams. Add on top of that the delusion that Macs are immune to malware and viruses, sprinkle some iDevices accessing sensitive corporate data and you have a recipe for a rude awakening.

As I continually remind my clients, it’s not about the technology it’s about the people, policies and the general housekeeping of the technology infrastructure. This is perfectly encapsulated with the SONY fiasco in my view.

Apple will just have to have a few large breaches of their OS or devices, this will pierce the “executive bubble” that surrounds the C-Suite and deflate the image of immunity in the eyes of the end-user.
